
VMI won't work #73

Closed
ssdemajia opened this issue Aug 14, 2019 · 2 comments

Comments

@ssdemajia

ssdemajia commented Aug 14, 2019

I use DECAF on Ubuntu 18.04 64-bit, and the guest OS is Ubuntu 14.04 32-bit. I used procinfo_generic on Ubuntu 18.04 64-bit to get the kernel info. Isn't that right? Because I got a large init_task addr, which is:

```ini
[info]
total = 1

[1]
strName = 4.15.0-55-generic
init_task_addr  = 18446744071811703936
init_task_size  = 9088
ts_tasks        = 1960
ts_pid          = 2216
ts_tgid         = 2220
ts_group_leader = 2280
ts_thread_group = 2392
ts_real_parent  = 2232
ts_mm           = 2040
ts_stack        = 24
module_name   = 24
module_size   = 392
module_init   = 384
module_list   = 8
ts_real_cred    = 2624
ts_cred         = 2632
ts_comm         = 2640
cred_uid        = 4
cred_gid        = 8
cred_euid       = 20
cred_egid       = 24
mm_mmap         = 0
mm_pgd          = 80
mm_arg_start    = 296
mm_start_brk    = 272
mm_brk          = 280
mm_start_stack  = 288
vma_vm_start    = 0
vma_vm_end      = 8
vma_vm_next     = 16
vma_vm_file     = 160
vma_vm_flags    = 80
vma_vm_pgoff    = 152
file_dentry     = 32
file_inode      = 48
dentry_d_name   = 32
dentry_d_iname  = 56
dentry_d_parent = 24
ti_task         = 8
inode_ino   = 64
```

I found that DECAF found the task struct at a small address: `tulInitTaskAddr: 3249244800`

```cpp
tulInitTaskAddr = findTaskStructFromThreadInfo(env, threadinfo, &pi, 0);
```

```console
➜  i386-softmmu git:(master) ✗ ./qemu-system-i386 -monitor stdio -m 2048 ./ubuntu1404_32.img -cdrom ~/ubuntu-14.04.6-desktop-i386.iso

(process:20336): GLib-WARNING **: 21:40:36.398: ../../../../glib/gmem.c:489: custom memory allocation vtable not supported
register_savevm slirp
register_savevm cpu
QEMU 1.0 monitor - type 'help' for more information
(qemu) inside bdrv open, drv addr= 0x0x560fb28b6e60, size= 32212254720
fs_open = Fragment 
inside bdrv open, drv addr= 0x0x560fb28c7950, size= 1170964480
fs_open error! drv addr=0x0x560fb28c7950
register_savevm DECAF
register_savevm funmap
register_savevm hookapi
inside vmi init 
tulInitTaskAddr: 3249244800

Procinfo path: /home/shaoshuai/DECAF/decaf/i386-softmmu/../shared/kernelinfo/procinfo_generic/procinfo.ini
terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::property_tree::ptree_bad_data> >'
  what():  conversion of data to type "j" failed
[1]    20336 abort (core dumped)  ./qemu-system-i386 -monitor stdio -m 2048 ./ubuntu1404_32.img -cdrom 
```

How can I start VMI?

When I set `init_task_addr = 3249244800`, DECAF will work. But how can I verify that this VMI works right?
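
A sanity check one can run over a procinfo.ini before handing it to DECAF, added here as an example and not part of DECAF or of this issue. In the listing above, 18446744071811703936 is 0xffffffff8ee12480, a 64-bit x86-64 kernel address; it cannot fit in a 32-bit field, and the "j" in the boost error is the Itanium C++ ABI name for `unsigned int`, which is why the ptree conversion aborts. The value that worked, 3249244800, is 0xc1ab8a80, a normal 32-bit kernel-space address. The script below catches both the width mismatch and a kernel-version string that does not match the guest. Assumptions, labelled in the code: the `[info]`/`[N]` layout and key names are taken from the listing above; the 0xC0000000 kernel floor assumes a 32-bit x86 guest with the default 3G/1G split; the second sample entry and its strName are constructed placeholders.

```python
"""Sanity-check a DECAF-style procinfo.ini against the guest it is meant for.

Added example, not DECAF's own code. Assumptions: the [info]/[N] layout with
`total = N` and the key names follow the listing in the issue; the kernel-space
floor of 0xC0000000 assumes a 32-bit x86 guest with the default 3G/1G split.
"""
import configparser

# Constructed sample: entry 1 is a trimmed copy of the issue's 64-bit host
# entry; entry 2 carries the address that worked, with a placeholder strName.
SAMPLE_INI = """\
[info]
total = 2

[1]
strName = 4.15.0-55-generic
init_task_addr  = 18446744071811703936
ts_tasks        = 1960

[2]
strName = GUEST-KERNEL-PLACEHOLDER
init_task_addr  = 3249244800
ts_tasks        = 1960
"""

KERNEL_FLOOR_32 = 0xC0000000  # assumption: default 3G/1G split on x86-32


def check_procinfo(text, guest_bits=32, guest_kernel=None):
    """Return {section: [problem, ...]} for every kernel entry in the file.

    guest_bits   - pointer width of the guest (32 for a 32-bit Ubuntu 14.04)
    guest_kernel - output of `uname -r` inside the guest, if known
    """
    cp = configparser.ConfigParser()
    cp.read_string(text)
    total = cp.getint("info", "total")
    max_ptr = (1 << guest_bits) - 1
    report = {}
    for n in range(1, total + 1):
        sec = str(n)
        if not cp.has_section(sec):
            report[sec] = ["section missing"]
            continue
        problems = []
        addr = int(cp.get(sec, "init_task_addr"))
        if addr > max_ptr:
            # The 64-bit value from the issue lands here: it overflows the
            # 32-bit unsigned int (mangled type "j") that the loader expects.
            problems.append(f"init_task_addr {addr:#x} does not fit in a "
                            f"{guest_bits}-bit pointer")
        elif guest_bits == 32 and addr < KERNEL_FLOOR_32:
            problems.append(f"init_task_addr {addr:#x} is below the 32-bit "
                            f"kernel-space floor {KERNEL_FLOOR_32:#x}")
        name = cp.get(sec, "strName")
        if guest_kernel is not None and name != guest_kernel:
            problems.append(f"strName {name!r} does not match guest "
                            f"uname -r {guest_kernel!r}")
        report[sec] = problems
    return report


if __name__ == "__main__":
    for sec, probs in check_procinfo(SAMPLE_INI).items():
        print(sec, "OK" if not probs else "; ".join(probs))
```

Run it with the guest's `uname -r` as `guest_kernel` to also catch the case the reporter hit, where the strName belongs to the host's 4.15 kernel rather than the 32-bit guest kernel.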

@sycurelab
Collaborator

It seems like a bug in linux_procinfo.cpp. A simple way to verify is by checking ps inside as well as from DECAF.
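
The verification suggested above, comparing `ps` inside the guest with the process list DECAF reconstructs from outside, written out as an added example (not DECAF's own code). The in-guest side is `ps -eo pid,comm` output; the VMI-side line format is a constructed placeholder, since the real monitor output format is not shown in this issue, and both listings are constructed samples. For validating a fresh procinfo.ini all three result lists should be empty: a PID that only the in-guest `ps` reports means the VMI offsets are wrong, while a PID that only the VMI side reports is the classic cross-view indicator of a process hidden from the guest's own tools.

```python
"""Cross-view comparison of an in-guest `ps` listing with a VMI process list.

Added example, not DECAF's own code. GUEST_PS mimics `ps -eo pid,comm`;
VMI_PS is a constructed two-column (pid, name) listing standing in for
whatever DECAF's own `ps` monitor command prints.
"""
import re

# Constructed sample: what `ps -eo pid,comm` inside the guest might print.
GUEST_PS = """\
  PID COMMAND
    1 init
    2 kthreadd
  812 sshd
 1337 bash
"""

# Constructed sample: the same machine as seen from outside, with one PID
# (1400) that the in-guest tools do not show.
VMI_PS = """\
pid   name
1     init
2     kthreadd
812   sshd
1337  bash
1400  sample_hidden
"""


def parse_listing(text):
    """Return {pid: name} from any two-column 'pid name' listing.

    Header rows are skipped because their first column is not numeric.
    """
    procs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)", line)
        if m:
            procs[int(m.group(1))] = m.group(2)
    return procs


def cross_view(guest_text, vmi_text):
    """Return (only_in_guest, only_in_vmi, name_mismatch), each a sorted PID list."""
    g = parse_listing(guest_text)
    v = parse_listing(vmi_text)
    only_guest = sorted(p for p in g if p not in v)      # VMI misses it: bad offsets?
    only_vmi = sorted(p for p in v if p not in g)        # guest misses it: hidden?
    mismatch = sorted(p for p in g if p in v and g[p] != v[p])  # ts_comm offset wrong?
    return only_guest, only_vmi, mismatch


if __name__ == "__main__":
    og, ov, mm = cross_view(GUEST_PS, VMI_PS)
    print("only in guest:", og)
    print("only in VMI:  ", ov)
    print("name mismatch:", mm)
```

A name mismatch on every PID, with the PIDs themselves agreeing, is the typical symptom of a correct `ts_pid` but wrong `ts_comm` offset, so the three lists also tell you which field of the procinfo to look at.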

@ssdemajia
Author

I got the right Ubuntu 14.04 proc info and it works! Thank you.
